Static task: static1
Behavioral task: behavioral1
Sample: 7ea8e09470dbc870a0427c0a0a79cebc6fed5e6143ec203d0a1d18b8425e8785.exe
Resource: win7-20230220-en
General
Target: 7ea8e09470dbc870a0427c0a0a79cebc6fed5e6143ec203d0a1d18b8425e8785
Size: 1.6MB
MD5: a6a2d3f36046cbf0383c950006e76289
SHA1: 7cdf2b64473843d112016839b532b20afc7eb9ab
SHA256: 7ea8e09470dbc870a0427c0a0a79cebc6fed5e6143ec203d0a1d18b8425e8785
SHA512: 1db2b2da11e3f7a6df05fad22a414a23dcf09c58ebfc0040e15772dcc94fcc7337deb95ba4d5bf48ae27a604ebcdb3784b2ba72625b4e4e129e150bef405a3bf
SSDEEP: 49152:eN4CEBqbPkWcYKqyhGK5C9G4A+dv0216kkt9yiUMB2U:eN4CEokWcYKqywK5CjAIFkt9yiUMB2U
Malware Config
Signatures
Files
7ea8e09470dbc870a0427c0a0a79cebc6fed5e6143ec203d0a1d18b8425e8785.exe windows x86
8a4c02a73b973b4ae4bdd04e74e60e28
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ProcessIdToSessionId
GetSystemInfo
InterlockedCompareExchange
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
FileTimeToLocalFileTime
GetComputerNameA
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileAttributesW
SetFilePointer
GetCurrentThread
SetThreadPriority
lstrcmpiW
GlobalAlloc
GlobalLock
MapViewOfFileEx
GlobalUnlock
GlobalFree
LoadLibraryExW
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
Sleep
TerminateThread
GetDiskFreeSpaceExW
GetDriveTypeW
FreeResource
CloseHandle
InterlockedExchange
LeaveCriticalSection
CreateFileW
EnterCriticalSection
GetFileSize
RaiseException
ReadFile
GetCurrentProcess
GetPrivateProfileStringW
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
GetVersionExW
SetLastError
lstrlenA
FindResourceExW
MultiByteToWideChar
LoadResource
LockResource
GetLocalTime
SizeofResource
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
FindResourceW
FlushInstructionCache
GetModuleFileNameW
GetLastError
WideCharToMultiByte
lstrlenW
GetPrivateProfileIntW
OutputDebugStringW
GetCurrentThreadId
SleepEx
FindFirstFileA
user32
LoadBitmapW
CharNextW
FindWindowExW
UpdateWindow
GetDlgItem
CharUpperW
CharLowerW
PostThreadMessageW
ReleaseDC
PeekMessageW
IsWindow
PtInRect
GetNextDlgTabItem
GetDC
UnregisterClassA
BringWindowToTop
CreateWindowExW
CallWindowProcW
AttachThreadInput
DestroyWindow
ClientToScreen
GetWindowTextW
IsWindowVisible
GetMessageW
GetWindowRect
SetForegroundWindow
TranslateMessage
MonitorFromWindow
OffsetRect
EndPaint
SetActiveWindow
LoadImageW
DispatchMessageW
GetMonitorInfoW
GetClientRect
MapWindowPoints
LoadIconW
DrawTextW
GetClassInfoExW
SetRectEmpty
CopyRect
SetCapture
SendMessageW
ReleaseCapture
SetCursor
RegisterClassExW
GetCursorPos
ScreenToClient
ShowWindow
LoadCursorW
UpdateLayeredWindow
IsRectEmpty
SetWindowLongW
EqualRect
SetWindowTextW
KillTimer
MoveWindow
FindWindowW
GetKeyState
GetActiveWindow
WindowFromPoint
DrawIconEx
GetDesktopWindow
GetScrollPos
IntersectRect
GetDlgCtrlID
IsWindowEnabled
EnableWindow
PostMessageW
GetFocus
SetRect
RegisterWindowMessageW
GetWindowThreadProcessId
IsChild
DrawFrameControl
GetForegroundWindow
SetFocus
BeginPaint
DefWindowProcW
SystemParametersInfoW
GetParent
SetWindowPos
IsDialogMessageW
DestroyIcon
InflateRect
GetWindowLongW
InvalidateRect
SetTimer
GetWindowTextLengthW
SetWindowRgn
GetWindow
gdi32
GetCurrentObject
SaveDC
DeleteDC
ExtTextOutW
CreateRoundRectRgn
RoundRect
Rectangle
GetClipRgn
GetTextExtentPoint32W
TextOutW
BitBlt
CreateFontIndirectW
CreateCompatibleBitmap
DeleteObject
GetTextColor
CreateCompatibleDC
GetViewportOrgEx
CreateDIBSection
RectInRegion
CreateRectRgn
GetStockObject
GetObjectW
CombineRgn
LineTo
ExtSelectClipRgn
MoveToEx
OffsetRgn
CreateRectRgnIndirect
SetBkMode
CreatePen
SetTextColor
RestoreDC
SelectObject
StretchBlt
SetViewportOrgEx
SelectClipRgn
CreateBitmap
SetStretchBltMode
GetTextMetricsW
CreateFontW
SetBkColor
GetDeviceCaps
advapi32
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
shell32
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
ole32
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
oleaut32
SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString
shlwapi
PathAppendW
PathFindExtensionW
PathFindFileNameW
StrToIntA
PathAddBackslashW
PathFileExistsW
StrToIntW
PathRemoveFileSpecW
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipCloneBitmapArea
GdipLoadImageFromStream
GdipImageRotateFlip
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipCreateStringFormat
GdipGraphicsClear
GdipAddPathPieI
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageI
GdipDeleteBrush
GdipSetStringFormatAlign
GdipCreateImageAttributes
GdipCreateFont
GdipCloneBrush
GdipFillPath
GdipCreateFromHDC
GdipCreatePen1
GdipGetFontSize
GdipDisposeImageAttributes
GdipMeasureString
GdipSetCompositingQuality
GdipSetClipPath
GdipDrawPath
GdipCreateFontFromLogfontW
GdipClosePathFigure
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipAddPathArcI
GdipSetStringFormatLineAlign
GdipFillRectangle
GdipSetPenDashStyle
GdipDeletePath
GdipSetStringFormatFlags
GdipNewPrivateFontCollection
GdipCreatePath
GdipSetStringFormatTrimming
GdipDeletePrivateFontCollection
GdipDrawRectangleI
GdipCreateLineBrushI
GdipFillRectangleI
GdipCloneImage
GdiplusStartup
GdipPrivateAddFontFile
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipDrawLinesI
GdipGetFontCollectionFamilyCount
GdiplusShutdown
GdipLoadImageFromFile
GdipRotateWorldTransform
GdipDrawLine
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipAlloc
GdipDisposeImage
GdipResetWorldTransform
GdipSetSmoothingMode
GdipFree
GdipDeleteFont
GdipSetPixelOffsetMode
GdipDeleteFontFamily
GdipSetPenMode
GdipGetFontCollectionFamilyList
GdipGetImageHeight
GdipCloneFontFamily
GdipGetFamily
GdipGetImageWidth
GdipSetPenStartCap
GdipAddPathRectangleI
GdipSetInterpolationMode
GdipSetPenEndCap
GdipDrawString
GdipCreateSolidFill
GdipAddPathStringI
GdipDeletePen
GdipDeleteGraphics
GdipDrawImageRectI
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
rasapi32
RasEnumConnectionsW
iphlpapi
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo
Sections
.text Size: 748KB - Virtual size: 747KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 156KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 46KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 576KB - Virtual size: 574KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ